Re: Challenges from challenge-response systems qualify as unsolicited
From: Nick Landsberg (hukolau_at_NOSPAM.att.net)
Date: 04/07/04
- Next message: Alan Connor: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Previous message: Alan Connor: "Re: Challenges from challenge-response systems qualify as"
- In reply to: Alan Connor: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Next in thread: Kevin S. Wilson: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 07 Apr 2004 01:32:15 GMT
Alan Connor wrote:
> On Wed, 07 Apr 2004 00:30:30 GMT, Nick Landsberg <hukolau@NOSPAM.att.net> wrote:
>
>>
>>John-Paul Stewart wrote:
>>
>>
>>>Alan Connor wrote:
>>>
>>
>>[Everything Snipped]
>>
>>Pardon for coming into this thread late, but
>>I have what I think is an honest question.
>>
>>I thought it was "conventional wisdom" (whatever
>>that is) that any kind of response to a spammer
>>only encourages them to send more? ("Hey,
>>I found a live Email addy, I can sell this
>>addy to the next spammer down the street!")
>>The end-result being that more and more SPAM
>>is generated to your addy for your machine to
>>filter (wasting CPU cycles while doing so).
>>
>>Or maybe I don't understand what is meant
>>by a challenge/response system?
>>
>
>
> The only people who do here, are all the spammers
> posing as spamhaters in order to discredit the
> one type of filter they can't beat.
My pardons, but there is nothing that is
unbeatable. If you believe there is, you
need a dose of reality. From other
posts here and from personal knowledge,
once one can forge either "From:" headers
or "Reply To:" headers one has beaten it.
>
> They do this regularly.
>
> No one that I know of uses JUST C/Rs in their filters.
>
> First, they run the mail through a passlist, making
> sure that they get all the mail they KNOW they want
> to get.
Easily done.
>
> Next, the rest is sent through a filter like SpamAssassin
> where the mail that is indisputably spam is sent to
> /dev/null.
I don't trust SpamAssassin or anything of that ilk
because it has been known to block Emails about
pending bills I have to pay. While programs such
as this try to "learn" about the spam, the spammers
"learn" how to mimic legitimate emails. What
happens is that legitimate Emails get categorized
as spam. Sending my Visa bill statement to /dev/null
is not an option for me.
>
> And LASTLY, the mail that might or might not be spam
> is sent a C/R.
>
> Twice. If no return is received from that address the
> second time it shows up, it is blocked and any further
> mail from that address goes straight to /dev/null.
And if the "From:" line or the "Reply To:" line is
forged? Or if the bank sending out my Visa bill
specifically says "Do not reply to this Email" because
they have an automated system which is not monitored
and all replies go to /dev/null?
>
> It is important, when using a system like this to
> passlist ANYONE you send mail to, to prevent C/R
> loops.
>
> See my lengthier description on this thread.
>
> AC
IMHO, all these attempts are treating symptoms
rather than causes. Treating the actual
causes may be more than just a technical
problem.
-- "It is impossible to make anything foolproof because fools are so ingenious" - A. Bloch
- Next message: Alan Connor: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Previous message: Alan Connor: "Re: Challenges from challenge-response systems qualify as"
- In reply to: Alan Connor: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Next in thread: Kevin S. Wilson: "Re: Challenges from challenge-response systems qualify as unsolicited"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
